easybuilders / easybuild-easyconfigs

A collection of easyconfig files that describe which software to build using which build options with EasyBuild.
https://easybuild.io
GNU General Public License v2.0
379 stars 701 forks source link

Armadillo 7.600.2 cannot be build anymore (source file download does not exist) #9566

Open Flamefire opened 4 years ago

Flamefire commented 4 years ago

As the title says: The source file does no longer exist. It used to be at http://sourceforge.net/projects/arma/files/armadillo-7.600.2.tar.xz but was removed.

Hence the EC(s) should be removed.

Bonus points: Add a check that the source files still exist (HTTP HEAD returns not 404) and run that on every EC before a new release to prune out old ones. Manual check still required as servers could be temporarily offline.

boegel commented 4 years ago

@Flamefire It's sad that projects feel the need to remove source tarballs for older software versions, but I don't think this is a reason to remove easyconfigs.

Anyone who has installed the easyconfig before will have a local copy of the tarball, and it's often fairly easy to find a copy of the source tarball somewhere (see https://src.fedoraproject.org/lookaside/extras/armadillo/armadillo-7.600.2.tar.xz/sha512/9ee18882b8e9ab6275c8ff2b9930ad62fd4612cd49469c344a85264114c0c0d1fec5d53b15d784a2e33d7a5df6ef4cbf0854cbefbec67f3f8269f47438b65452/ for example for armadillo-7.600.2.tar.xz).

The important thing here is that we should ensure that SHA256 checksums are in place in all easyconfigs. We've been working towards that ever since we started requiring SHA256 checksums for new/changed easyconfigs in pull requests.

When issues like this pop up, we can make sure that checksums are added for the cached downloads we have, so people can safely download the source tarball from another source.

Something with a cow & horns: #9572

boegel commented 4 years ago

Now #9572 is merged which sort of solves the problem for Armadillo 7.600.2, how do you propose we proceed with this?

Should we cook up a script that checks for broken download links, which we could run periodically, so we can try to fix them if sources were relocated or at the very least make sure SHA256 checksums are in place for those easyconfigs?

How do we organize that, because anything that isn't automated is doomed to be forgotten...

Flamefire commented 4 years ago

Yes I'd suggest to create a script. It should run in parallel and do only HEAD requests. Don't know if Python got something like work queues?

Github actions has something similar to cronjobs, that trigger on time. That can be used to check ECs once a month(?) and it should additionally be done manually before a release.